Welcome to my site

“Thanks for stopping by! My name is Ismael Valenzuela, a passionate Infosec professional at day, and an IT Security geek at night. When I am not doing consultancy, security research, presenting, teaching or writing reports, I try to find some time to post my thoughts on security, computer science and technology on this blog site. I collaborate regularly with other popular blogs like the Open Security Research and the SANS Forensics Blog.” – Ismael

It’s Sunday evening and I have spent the last hour going through the slides of Cesar Cerrudo’s talk at HiTBSecConf 2008 that took place this week in Dubai. I know it’s sad, but the title of this blog is “passionate about information security”, isn’t it?

Let me give you a bit of background before going further. It’s been almost a month since Cesar Cerrudo, security researcher and CEO of Argeniss publicly warned that the latest Microsoft operating system, Windows Server 2008, might not be as secure as it seems. On an advisory released on March 24, he stated:

“The problem discovered by Argeniss results from design issues that were not identified by Microsoft engineers during the Security Development Lifecycle (SDL), and allows accounts commonly used by Windows services (NETWORK SERVICE and LOCAL SERVICE) to bypass new Windows services protection mechanisms and elevate privileges to achieve complete control over the operating system.”

Blogroll

Disclaimer: This blog represents my own opinion, observations, and thoughts. Anything posted here does not represent my employer, the opinion of my employer or any other organization. – Ismael Valenzuela, 2014